How to activate GIF device in CONFIG.XML???



  • Hi,

    does anybody know how to activate the GIF Interface for IPSec? I found the following hint …

    ============= SNIP ===============

    What has happended with the gif interface? is it comming back?

    It's still there, just no GUI.    Stick <creategif>in the ipsec
    profile in question in /cf/conf/config.xml
    ============= SNIP ===============

    ... and may be it'd work - but i'm not familar with xml and dont know where to put it in exactly in config.xml!

    Ciao</creategif>



  • @EmL:

    Hi,

    does anybody know how to activate the GIF Interface for IPSec? I found the following hint …

    ============= SNIP ===============

    What has happended with the gif interface? is it comming back?

    It's still there, just no GUI.    Stick <creategif>in the ipsec
    profile in question in /cf/conf/config.xml
    ============= SNIP ===============

    ... and may be it'd work - but i'm not familar with xml and dont know where to put it in exactly in config.xml!

    Ciao</creategif>

    Assuming the code is still active (to my knowledge nobody has ever used it), it'd obviously be completely unsupported and would work pfSense to pfSense only (well, maybe to linux IPIP and the other BSDs).  In /conf/config.xml look for the ipsec tag, find the tunnel definition and add <creategif>inside that tag.  Again, this is unsupported, if you don't grok XML (it's basically what HTML is), I wouldn't recommend playing with it. And always, always, before playing with intentionally locked out features, backup first.

    –Bill</creategif>



  • Hi Bill,

    thx for your answer, i will try this the next days. I'm only wondering why its not (or not anymore) supported, because of the feature list and screenshots on http://www.pfsense.org/screens/ipsec-multisubnet.gif … is there any known issue with this feature?

    My goal is to filter IPSec Traffic - i had read this is possible with the gif device. Am I right or is there a other way to do so?

    Happy New Year
    EmL



  • Its unsupported due to the lack of testing before the beta cycle.



  • interesting i forgot about this feature i will give it a try asw well over the next few days and report back



  • Hello. hope this revives the old thread =)

    I'd like to confirm that by adding "<creategif>" tag in /conf/config.xml would enable gif device in pfsense ?
    ( I just have upgraded my pfsense to the latest snapshot 1.0.1-SNAPSHOT-03-23-2007
    built on Tue Mar 27 18:37:11 EDT 2007 )
    Would adding that tag make the FreeBSD kernel to enable gif device right away ?
    ( or do i need to restart pfsense first )

    I'm trying to make pfsense to be able to act as an IP-in-IP decapsulation point. I've heard that gif device
    support IP-in-IP protocol. I'm just wondering that pfsense's freebsd does support gif device ?</creategif>



  • the only reason I'm aware of that people were wanting to use gif devices is for filtering, now filtering is possible by default with enc(4) in current snapshots.


Log in to reply